On Fri, Jul 18, 2003 at 09:06:00AM -0500, Greinke, Ross wrote: > Is there a simple WebWork pattern that helps to ensure that a user has > gone thru the normal login page? >
[snip] You could do what Sebastiano suggested - letting the J2EE Container based security handle this for you. Another approach (that you could combine with the J2EE based security) is to write a javax.servlet.Filter that you put in front of every protected URL (or *). Let the filter check for authentication data in the session and let the request pass, or redirect to your login-page. Combined with the j2ee based security you'd let the filter check for authentication stuff in the session, and if not found check for a valid principal in the request (request.getUserPrincipal()) and if found populate the authentication data in the session - otherwise redirect the user to login-page. //Anders -- . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Anders Engström [EMAIL PROTECTED] . http://www.gnejs.net PGP-Key: ED010E7F . [Your mind is like an umbrella. It doesn't work unless you open it.]
pgp00000.pgp
Description: PGP signature
